1. Field of the Invention
The invention relates to systems for and methods of verifying the identity of persons initiating electronic transactions.
2. Definitions
The following definitions are provided in order to set forth the intended scope and meaning of certain terms used in this disclosure and in the claims. Examples used in the definitions are intended to illustrate and clarify the definitions, and not to limit the definitions or the scope of the terms defined. The terms defined here include plural forms, singular forms, and grammatical congeners and alternatives.
“Electronic transaction”—includes a request for goods or services including, where relevant, an offer to pay for the goods or services, and a response to the request, wherein some step in the request and/or response involves the electronic communication of information. “Services” is defined broadly to include any requested action. “Electronic transaction” as the term is applied herein applies to transactions involving goods, services/actions of virtually any type. Although credit card transactions are a common example of electronic transactions used herein to describe preferred embodiments of the invention, other examples of electronic transactions that fall within the scope of the invention include, by way of example, providing access to a secure space such as a room, vehicle, building, deposit box, or storage facility; providing secured and non-secured credit; providing banking services or other financial services; providing permission to cross national borders.
“Person”—includes individuals, entities, and collections of individuals or entities.
“User,” “customer,” and “payer”—are used interchangeably to refer to persons who seek to obtain goods or services through an electronic transaction. “Customer” and “payer” are preferred when referring to retail transactions; “user” is preferred when referring to non-retail transactions. “User-computer” refers to a computer to which a user has access for carrying out various steps of the method of the invention.
“Provider” has a broad and general meaning in the disclosure and the claims to include systems and subsystems of individuals and entities who provide goods and services to a user through an electronic transaction, including derivative or implicit services provided by third parties. In an electronic credit card transaction, for instance, the term “provider” includes the retailer, merchant, or other payee who is providing and being paid for the goods or services being purchased, and also the subsystem of various third party banking entities that provide the derivative services of advancing the credit being requested by the customer when the customer tenders her credit card.
“Bank” is defined functionally to refer to an entity or group of entities interacting to provide financial services related to an electronic transaction, including extending credit, transferring funds, and administrating financial accounts. The term also includes systems and sub-systems of such entities interacting to provide financial services, for example, payment transfer associations or credit card companies such as VISA® and MasterCard®. Thus, the term refers to a set of functions carried out by financial institutions in processing electronic transactions.
“Verifier” is defined functionally to refer to an entity that provides identity verification services as a part of an electronic transaction. The verifier may assume an independent existence from the parties conducting the transaction, as in a corporation that provides identity verification services for a fee. Alternatively, the verifier function may be subsumed by a goods and services provider, a bank, credit card company, or by another party to the transaction. In the figures and disclosures below, the representation of the verifier as separate from the provider is not meant to imply that the entities are necessarily distinct, but rather to illustrate the point that the functions of the verifier are distinct from the functions of the bank and the provider. Similarly, the term “verifier-computer” is functionally defined to mean whatever computer, server, or network is providing the verification functionality of the invention, regardless of where the computer, server, or network is physically located or who owns or controls it. A step that is to be taken by a “verifier-computer” is to be deemed equivalent to a step that is to be taken by the “verifier,” and vice versa.
“Verifier-database” refers to a compilation of user records that is accessible by a verifier-computer.
“Communications device”—is intended broadly to include communications devices of any nature linked in a communications system, through which communications system a first person or software application communicates with a second person or software application. The term includes computers linked to the Internet, telephones linked to land-line systems and cell phones and the like linked to wireless systems. “Personal communications device” refers to a communications device sufficiently small and mobile to be carried by a user, including, without limitation, cell phones, PDAs, wireless computers, Blackberry® devices, Bluetooth® devices, pagers, beepers, and other personal devices having wireless transceiver capabilities.
“Local software”—refers to software accessed by the user-computer in carrying out the invention. Local software “performing” a step refers to the user-computer carrying out the specified function as directed by the local software.
“User access number”—an alphanumeric or other data representation used to access a user's communications device.
“Identity Verification Request (IVR)”—an electronic request initiated by a verifier and sent to a user asking the user to verify the user's identity.
“Secure identifier”—a generic term for a secure data representation used to identify a person. The term includes, by way of example, secure alphanumeric representations, passwords, codes, secret numbers, PINs, or digital representations of biometric features that can be used to identify a person or entity. In the examples provided, the use of “password” is not intended to exclude other types of secure identifiers and is, in fact, intended to be representative of the genus. The term “putative secure identifier” refers to a secure identifier that is offered in response to an IVR. A “bona fide secure identifier” refers to a known valid secure identifier to which a putative secure identifier is compared.
Existing Art
The present invention solves the complex problem of how to verify the identity of a person initiating an electronic transaction.
The most commonplace electronic transaction is of the type initiated by a customer swiping a credit card through a point of sale card reader, thereby making a primary request to purchase goods or services. Such a request also includes an implicit or derivative request that credit be extended to the customer or that funds be transferred from the consumer's account to the account of a merchant or service provider. Other examples of electronic requests include the use of a coded card or biometric features to gain access to a room or building; the use of a coded card in automated teller machines (ATMs); and online commercial transactions in which an account number is provided through the Internet to an online merchant.
Because such electronic requests are extremely convenient for all parties involved, many of the fraud and security problems presented by electronic transactions are ignored or disregarded. Consequently, identity theft, which occurs when a person's personal and financial information is obtained and used by unauthorized persons, has become an enormous and growing problem. In 2004 the US Federal Trade Commission estimated that the annual losses to business as a result of ID theft were about $50 billion. The cost to individuals was about $5 billion. VISA® and MasterCard® reported fraud-related losses in 2000 of $114 million, with approximately a 10% annual increase over the previous four years. Identity theft related losses in Canada increased 2.6-fold in just 1 year—from $8.5 million to $21.5 million, 2002 to 2003.
During roughly the same period that the use and abuse of electronic transaction technology has increased, there has been an even greater rate of increase in the use of portable communications devices, most notably cellular telephones. In the 33 years following Martin Cooper's first wireless call from a hand-held mobile phone in 1973, the number of cell phones in use has grown to more than 2.5 billion worldwide—a number presently approaching 50% of the entire human population. In many countries the number of cell phone subscriptions significantly exceeds 100% of the population. No other electronic technology is as ubiquitous or as universal as portable communications; consequently, no other electronic technology is better placed to be exploited for security enhancement.
Many approaches to resolving security problems related to electronic transactions have attempted to combine electronic communications technology and secured identifiers. For instance, U.S. Pat. No. 6,954,740 to Talker discloses a system in which credit card signatures and check transactions are verified by transmitting the PIN with the transaction request. U.S. Pat. No. 6,868,391 to Hultgren discloses a system in which a customer initiating an electronic transaction calls a verifying entity from a point of sale (POS) and gives the verifying entity a PIN, which PIN the verifying entity compares with a known valid PIN. While such systems may provide worthwhile enhancements to security for electronic transactions, they are generally difficult or inconvenient to implement, particularly from the customer's point of view. For instance, Hultgren requires the customer to contact the verifying entity by placing a call to the verifying entity, which requires knowing and inputting the verifier's phone number and then waiting for the call to be answered and processed.
What is needed is a method of and system for verifying the identity of a user during an electronic transaction wherein the method is easy to implement, easy to use, and substantially transparent to the user, and yet flexible enough to be used anywhere in the world without the user having to make or initiate calls to a verifying entity.